RE: SSH accepts protocol version 1.99

From: Bennett R. Samowich (brs_at_fsproduce.com)
Date: 08/19/03

  • Next message: Bennett R. Samowich: "RE: SSH accepts protocol version 1.99"
    Date: Tue, 19 Aug 2003 14:15:44 -0400
    To: <chris@redstarnetworks.net>
    
    

    Yes, it was through nessus. I also confirmed it by setting PuTTY to use
    protocol version 1 and it still connected. I couldn't find any mention
    of disabling version 1 (except for the Protocol config option). Is it
    possible that this is a bug?

    - Bennett

    -----Original Message-----
    From: Chris Odell [mailto:chris@redstarnetworks.net]
    Sent: Tuesday, August 19, 2003 2:02 PM
    To: Bennett R. Samowich; secureshell@securityfocus.com
    Subject: RE: SSH accepts protocol version 1.99

      Where your findings via "Nessus"? I was wondering the same after I
    removed everything except for version 2 from the config and was
    presented with the same results.

    Chris Odell

    -----Original Message-----
    From: Bennett R. Samowich [mailto:brs@fsproduce.com]
    Sent: Monday, August 18, 2003 1:45 PM
    To: secureshell@securityfocus.com
    Subject: SSH accepts protocol version 1.99

    Greets,

    During an audit we discovered that our SSH daemons allowed protocols
    1.99 and 2.0. We have the line "Protocol 2" in the config file which I
    thought would cause sshd to only allow protocol 2.0.

    Is this true or am I missing something else?

    Thanks in advance,
    - Bennett


  • Next message: Bennett R. Samowich: "RE: SSH accepts protocol version 1.99"

    Relevant Pages

    • [NEWS] SSH Protocol Weakness Vulnerability (MITM)
      ... A weakness in the backward compatibility of the SSH Protocol has been ... SSH version 1.0) is unlikely to have the host key for the other protocol ... The SSH daemons advertise one of two major versions, ...
      (Securiteam)
    • SUMMARY: SSH 2.5.2p2 on Tru64 4.0g
      ... SSH is very particular about the permissions on the $HOME/.ssh ... Always pay particular attention the the ssh SERVERs protocol usage. ... when only using the identity.pub or rsa key. ... file on the remote host to reflect the host name without domain that was ...
      (Tru64-UNIX-Managers)
    • Re: SOCKS 5 protocol & sysadmin
      ... bypassing proxy settings using SOCKS 5 protocol? ... example SSH he can tunnel almost any TCP protocol into it and you will ... By the way, Even without SSH access, Any other opened port can be used ...
      (comp.os.linux.security)
    • Re: Where do the random numbers come from?
      ... I'll look into ssh... ... >>just using an established protocol is that resources on my client are ... > the server is convinced of your identity, a malicious attacker in ... >>Of course you can seed the BouncyCastle random number generator with ...
      (comp.security.ssh)
    • Re: how to react on ssh attacks?
      ... > I recently checked my log files of my ssh service (so far as I ... these attacks will get more sophisticated as time goes on - the ... Protocol 2,1 line in /etc/ssh/sshd_config to say Protocol 2 and then ... Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org ...
      (Fedora)